Support webauthn (#17957)

Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-05-31 11:52:10 +00:00 · 2022-01-14 23:03:31 +08:00 · 2022-01-14 23:03:31 +08:00 · 35c3553870
commit 35c3553870
parent 8808293247
224 changed files with 35040 additions and 1079 deletions
--- a/modules/auth/webauthn/webauthn.go
+++ b/modules/auth/webauthn/webauthn.go
@ -0,0 +1,78 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package webauthn
+
+import (
+	"encoding/binary"
+	"encoding/gob"
+	"net/url"
+
+	"code.gitea.io/gitea/models/auth"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/duo-labs/webauthn/protocol"
+	"github.com/duo-labs/webauthn/webauthn"
+)
+
+//WebAuthn represents the global WebAuthn instance
+var WebAuthn *webauthn.WebAuthn
+
+//Init initializes the WebAuthn instance from the config.
+func Init() {
+	gob.Register(&webauthn.SessionData{})
+
+	appURL, _ := url.Parse(setting.AppURL)
+
+	WebAuthn = &webauthn.WebAuthn{
+		Config: &webauthn.Config{
+			RPDisplayName: setting.AppName,
+			RPID:          setting.Domain,
+			RPOrigin:      protocol.FullyQualifiedOrigin(appURL),
+			AuthenticatorSelection: protocol.AuthenticatorSelection{
+				UserVerification: "discouraged",
+			},
+			AttestationPreference: protocol.PreferDirectAttestation,
+		},
+	}
+}
+
+// User represents an implementation of webauthn.User based on User model
+type User user_model.User
+
+//WebAuthnID implements the webauthn.User interface
+func (u *User) WebAuthnID() []byte {
+	id := make([]byte, 8)
+	binary.PutVarint(id, u.ID)
+	return id
+}
+
+//WebAuthnName implements the webauthn.User interface
+func (u *User) WebAuthnName() string {
+	if u.LoginName == "" {
+		return u.Name
+	}
+	return u.LoginName
+}
+
+//WebAuthnDisplayName implements the webauthn.User interface
+func (u *User) WebAuthnDisplayName() string {
+	return (*user_model.User)(u).DisplayName()
+}
+
+//WebAuthnIcon implements the webauthn.User interface
+func (u *User) WebAuthnIcon() string {
+	return (*user_model.User)(u).AvatarLink()
+}
+
+//WebAuthnCredentials implementns the webauthn.User interface
+func (u *User) WebAuthnCredentials() []webauthn.Credential {
+	dbCreds, err := auth.GetWebAuthnCredentialsByUID(u.ID)
+	if err != nil {
+		return nil
+	}
+
+	return dbCreds.ToCredentials()
+}
--- a/modules/auth/webauthn/webauthn_test.go
+++ b/modules/auth/webauthn/webauthn_test.go
@ -0,0 +1,26 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package webauthn
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestInit(t *testing.T) {
+	setting.Domain = "domain"
+	setting.AppName = "AppName"
+	setting.AppURL = "https://domain/"
+	rpOrigin := "https://domain"
+
+	Init()
+
+	assert.Equal(t, setting.Domain, WebAuthn.Config.RPID)
+	assert.Equal(t, setting.AppName, WebAuthn.Config.RPDisplayName)
+	assert.Equal(t, rpOrigin, WebAuthn.Config.RPOrigin)
+}